Shadow IT Alert: Half of Home Workers Buy Potentially Insecure Kit

Incidents of shadow IT have snowballed during the pandemic as remote workers bought devices without vetting from the IT department, a new report from HP has warned.

The tech giant’s Out of Sight and Out of Mind report is based on a global survey of 1100 IT decision-makers and a separate poll of more than 8400 home workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan.

Nearly half (45%) said they’d bought IT equipment such as printers or PCs to support home working over the past year.

However, 68% said security wasn’t as big a consideration as other factors like price or functionality when purchasing. Even worse, 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same of their new printer.

IT is also being bypassed when it comes to reporting incidents, the study found. Even though three-quarters (74%) of IT teams claimed to have seen a rise in the number of employees opening malicious phishing links or attachments in the past year, most (70%) home workers who clicked said they didn’t report it.

That will hurt IT’s attempts to understand the level of risk the business faces and where it needs to tweak policy or direct security resources.

The combined impact of these shadow IT challenges is already pronounced: 79% of IT leaders reported that rebuild rates for machines increased during the pandemic. This indicates PCs and laptops have been compromised by malware.

It’s also having an impact on IT teams themselves. Two-thirds of IT leaders said that patching endpoint devices is more time-consuming and challenging than pre-pandemic. As a result, they estimated the cost of IT support concerning security has risen by 52% in the past 12 months.

Some 83% claimed home worker security problems had put more strain on the IT team, and over three-quarters (77%) are worried staff will burnout as a result.

“As IT continues to grow in complexity, security support is becoming unmanageable. For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value,” argued HP’s global head of security for personal systems, Ian Pratt.

“We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of zero trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.”

What’s Hot on Infosecurity Magazine?